build(deps): bump ip-address from 10.1.0 to 10.2.0

[dependabot]

Bumps ip-address from 10.1.0 to 10.2.0.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Update ip-address from 10.1.0 to 10.2.0 (minor release). Only yarn.lock changed.

^{Written for commit 86e822c. Summary will update on new commits.}

[cla-assistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[cla-assistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[augmentcode]

🤖 Augment PR Summary

Summary: Updates the ip-address npm dependency from 10.1.0 to 10.2.0.

Changes:

• Regenerates yarn.lock to reflect the new ip-address version (Dependabot bump).

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

[cubic-dev-ai]

No issues found across 1 file

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric	Results
Complexity	0
Duplication	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​cookie@​1.0.0
	@​cypress/​browserify-preprocessor@​3.0.2
	electron@​38.8.4
	@​radix-ui/​react-slot@​1.2.4
	@​jitsu/​jitsu-react@​1.10.4
	@​ai-sdk/​openai@​1.3.24
	@​typescript-eslint/​parser@​8.32.1 ⏵ 8.56.1
	@​emoji-mart/​react@​1.1.1
	@​commitlint/​travis-cli@​20.4.2
	@​commitlint/​cli@​20.4.2
	@​atlaskit/​pragmatic-drag-and-drop-hitbox@​1.1.0
	@​emoji-mart/​data@​1.2.1
	@​cucumber/​cucumber-expressions@​19.0.0
	@​hapi/​shot@​6.0.1 ⏵ 6.0.2	+1		+1
	@​ai-sdk/​react@​1.2.12
	@​blueprintjs/​popover2@​2.1.32
	@​cucumber/​gherkin@​38.0.0
	@​atlaskit/​pragmatic-drag-and-drop@​1.7.8
	@​excalidraw/​excalidraw@​0.18.0
	pako@​1.0.11 ⏵ 2.1.0	-1
	@​typescript-eslint/​eslint-plugin@​8.32.1 ⏵ 8.56.1	+1		+1
	nanoid@​3.3.11 ⏵ 5.1.6			-1
	marked@​17.0.3
	@​fullcalendar/​list@​6.1.20
	@​commitlint/​config-lerna-scopes@​20.4.0
	@​blueprintjs/​core@​6.9.1
	cross-env@​7.0.3
	@​hello-pangea/​dnd@​18.0.1
	@​electron/​notarize@​2.5.0
	@​fullcalendar/​daygrid@​6.1.20
	@​fullcalendar/​timegrid@​6.1.20
	@​headlessui/​react@​2.2.9
	@​auth/​core@​0.34.3
See 26 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		HTTP dependency: npm @electron/rebuild depends on https://github.com/electron/node-gyp#06b29aafb7708acef8b3669835c8a7857ebc92d2 Dependency: @electron/node-gyp@https://github.com/electron/node-gyp#06b29aafb7708acef8b3669835c8a7857ebc92d2 Location: Package overview From: apps/server-web/package.json → npm/@electron/rebuild@3.7.2 ℹ Read more on: This package | This alert | What are http dependencies? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Publish the HTTP URL dependency to a public or private package repository and consume it from there. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@electron/rebuild@3.7.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Potentially malicious package (AI signal): npm @google-recaptcha/core is 60.0% likely malicious Notes: This module provides a targeted utility to disable Google reCAPTCHA by removing relevant scripts and clearing the grecaptcha config. While it may be used for legitimate testing or automation, it also enables circumvention of bot protections, representing a potential security risk if misused. It does not exfiltrate data or execute remote commands but undermines a client-side security control. Confidence: 0.60 Severity: 0.90 From: ? → npm/@google-recaptcha/react@2.4.0 → npm/@google-recaptcha/core@1.1.2 ℹ Read more on: This package | This alert | What is AI-detected potential malware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Given the AI system's identification of this package as malware, extreme caution is advised. It is recommended to avoid downloading or installing this package until the threat is confirmed or flagged as a false positive. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@google-recaptcha/core@1.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @jitsu/js is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/@jitsu/jitsu-react@1.10.4 → npm/@jitsu/js@1.10.4 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@jitsu/js@1.10.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report